What is Event Monitoring?
Event Monitoring is a Salesforce feature that helps Salesforce administrators monitor and detect well-known activities in Salesforce in close to real time. It is one of the many tools Salesforce provides to keep your records safe, by letting the Salesforce administrator see the granular details of user activities, referred to as events. The Salesforce administrator can view information about individual events or track trends in events to quickly become aware of abnormal behavior and protect their company's records.
With real-time event tracking you gain extra insight into:
- Who viewed what records and when?
- Where was the information accessed?
- When does a user change data through the UI?
- Who is logging in and from where?
- Who in your organization is performing actions related to Platform Encryption administration?
- Which admin logged in as another user, and what actions did that admin take as that user?
- How long does a Lightning page take to load?
Some of the event types that can be tracked are:
- URI (web clicks in Salesforce Classic)
- Lightning (web clicks, performance, and errors in Lightning Experience and the Salesforce mobile app)
- Visualforce page loads
- API Call
- Apex Executions
- Report exports
These events are stored in event log files. An event log file is generated when an event occurs in an organization and is available to view and download after 24 hours. The event types that can be accessed, and how long the files remain available, depend on the edition in use.
How to enable Event Monitoring?
Event Monitoring is an add-on provided by Salesforce, which can be purchased by contacting your Salesforce sales representative or Account Executive. After purchasing it, you can access all event types in the following:
- Event Log File:
Represents event log files for event monitoring. The event monitoring product gathers information about your Salesforce org’s operational events, which you can use to analyze usage trends and user behavior. … To view the underlying event data, query the LogFile field.
This is a Windows XP event log, shown just to give you a basic idea of what an event log file looks like.
- Login Event object:
LoginEvent tracks login activity of users who log in to Salesforce. You can use LoginEvent in a transaction security policy. LoginEvent is a big object that stores the event data of LoginEventStream. This object is available in API version 36.0 and later.
- Transaction Security:
Transaction Security is a framework that intercepts real-time Salesforce events and applies appropriate actions and notifications based on security policies you create. Transaction Security monitors events according to the policies that you set up. These policies are applied against events in your org and specify actions to take when certain event combinations occur. When a policy is triggered, you can have an action taken and receive an optional notification.
- Event Monitoring Analytics app:
The Event Monitoring Analytics App integrates with event monitoring and setup audit trail data to give you insights into your user and org behavior. The app is a built-in way to explore your monitoring data in Salesforce. App creation is easy and with its prebuilt dashboards and datasets, you can start exploring right away. This app helps you drill into your org’s data and swiftly identify suspicious behavior, slow page performance, and poor user adoption.
Steps to Enable Event Monitoring dashboards in Salesforce Sandbox:
1) Enable Login Forensics and Event Log File Integration with Event Monitoring Analytics App
2) Open Analytics studio app
Click on that and a new tab will open
3) Click on CREATE.
4) You will see steps 1 to 5. Don’t change anything except the number of days, which should be set to 30.
Name the app “Occasion Monitoring App”
The application will run and you will see the screen capture below. An email will be sent once it’s ready.
Using Event Monitoring:
When the Event Monitoring add-on is purchased from Salesforce, it gives you access to EventLogFile, which contains the events that occurred. These files are read-only and cannot be updated or deleted. Log file generation depends on an event occurring: if an event (represented by the EventType field) does not occur, the log file will not be generated, but if the event occurs and the log file is not created, you should contact Salesforce Customer Support.
- In the unlikely case in which no log files are generated for 24 hours, contact Salesforce Customer Support.
- Log data is read only. You can’t insert, update, or delete log data.
- Use the EventType field to determine which files were generated for your org.
- An event generates log data in real time. However, daily log files are generated during nonpeak hours the day after an event takes place. Therefore, daily log file data is unavailable for at least one day after an event. For hourly log files, depending on event delivery and final processing time, an event is expected to take three to six hours from the time of the event to be available in the log file. However, it can take longer.
- Log files are generated only when at least one event of a type (represented by the EventType field) occurs for the day or hour. If no events took place, the file isn’t generated.
- Log files are available based on CreatedDate for the last 30 days when orgs purchase Event Monitoring or one day for Developer Edition orgs.
- All event monitoring logs are exposed to the API through the EventLogFile object. However, there is no access through the user interface, except through the Event Monitoring Analytics app.
- Event Monitoring log files aren’t a system of record for user activity. They are a source of truth, but aren’t durable. During Salesforce site switches, instance refreshes, or unplanned system outages, data loss can occur. For example, if Salesforce moves your production org instance, your event log files might have a gap in data. Salesforce makes commercially reasonable efforts to preserve event log file data integrity and avoid data loss. When Salesforce performs a site switch or instance refresh, it uses an automated process to replicate event logs.
- Hourly event log files are provided for you to review events in your orgs on an accelerated basis. However, it’s possible that you don’t get all event log data in hourly event log files, especially during site switches, instance refreshes, or unplanned system outages. For complete data, use the daily log files.
- If event transmission failures take too long to recover from, log files are retransmitted to ensure that they are delivered at least once. As a result, latent log files can sometimes contain duplicate event data. When your application consumes latent log files, make sure that your application handles duplicate event delivery.
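One way to handle the duplicate delivery described in the last point, as an added example that is not part of the original post or Salesforce's own code. The sample log contents are constructed, the column names are an assumed reduced layout, and `event_fingerprint` and `consume_log_file` are hypothetical helper names.

```python
import csv
import hashlib
import io

# Constructed sample log files (not real org data). The column names are a
# reduced, assumed layout for illustration. HOURLY_RETRANSMIT repeats the
# REQ-0002 event from HOURLY_FIRST, as a latent retransmitted file could.
HOURLY_FIRST = (
    '"EVENT_TYPE","TIMESTAMP","REQUEST_ID","USER_ID","CLIENT_IP"\n'
    '"Login","20200401101500.000","REQ-0001","005EXAMPLE000001","203.0.113.10"\n'
    '"Login","20200401102000.000","REQ-0002","005EXAMPLE000002","198.51.100.7"\n'
)
HOURLY_RETRANSMIT = (
    '"EVENT_TYPE","TIMESTAMP","REQUEST_ID","USER_ID","CLIENT_IP"\n'
    '"Login","20200401102000.000","REQ-0002","005EXAMPLE000002","198.51.100.7"\n'
    '"Login","20200401110500.000","REQ-0003","005EXAMPLE000001","203.0.113.10"\n'
)


def event_fingerprint(row):
    """Return a stable SHA-256 over every column of one event row."""
    canonical = "\x1f".join(f"{key}={row[key]}" for key in sorted(row))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def consume_log_file(log_csv, seen, sink):
    """Append events not seen before to sink; return (new, duplicate) counts."""
    new = duplicates = 0
    for row in csv.DictReader(io.StringIO(log_csv)):
        fingerprint = event_fingerprint(row)
        if fingerprint in seen:
            duplicates += 1  # already delivered by an earlier file
            continue
        seen.add(fingerprint)
        sink.append(row)
        new += 1
    return new, duplicates


if __name__ == "__main__":
    seen, events = set(), []
    for name, body in (("first", HOURLY_FIRST), ("retransmit", HOURLY_RETRANSMIT)):
        print(name, consume_log_file(body, seen, events))
    print("unique events:", len(events))
```

In a long-running consumer the `seen` set would be persisted between runs and pruned to the log retention window, so that a file retransmitted days later is still recognized.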
As always, we @CloudFountain, would love to hear your feedback. In the current pandemic #covid19 situation, please stay safe and healthy.